Skip to main content
CVE-2025-48808 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows Server 2022 23h2 Windows Server 2025 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5463 MEDIUM This Month

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48810 MEDIUM PATCH This Month

CVE-2025-48810 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48809 MEDIUM PATCH This Month

CVE-2025-48809 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-26636 MEDIUM PATCH This Month

CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Server 2025 Windows 11 24h2 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49684 MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 Windows Server 2019 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49658 MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2019 Windows Server 2012 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48812 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Excel 365 Apps +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20687 MEDIUM This Month

In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418045; Issue ID: MSV-3481.

Information Disclosure Buffer Overflow Denial Of Service Nbiot Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47120 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Adobe Stack Overflow Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49525 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30313 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27165 MEDIUM This Month

Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43584 MEDIUM This Month

Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Viewer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47135 MEDIUM This Month

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Dimension
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43587 MEDIUM This Month

After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21168 MEDIUM This Month

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21167 MEDIUM This Month

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21009 MEDIUM This Month

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21008 MEDIUM This Month

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21007 MEDIUM This Month

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Buffer Overflow Memory Corruption Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47119 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Adobe Denial Of Service Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49524 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43583 MEDIUM This Month

Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service Substance 3d Viewer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47109 MEDIUM This Month

After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service After Effects
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43580 MEDIUM This Month

Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Audition
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20692 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Issue ID: MSV-3476.

Information Disclosure Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20691 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Issue ID: MSV-3477.

Information Disclosure Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20690 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Issue ID: MSV-3478.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20689 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418048; Issue ID: MSV-3479.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20688 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418047; Issue ID: MSV-3480.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38237 MEDIUM PATCH This Month

CVE-2025-38237 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Ubuntu Debian Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21005 MEDIUM This Month

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20998 MEDIUM This Month

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49547 MEDIUM This Month

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-49534 MEDIUM This Month

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7363 MEDIUM PATCH This Month

The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. This issue affects Mediawiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53479 MEDIUM PATCH This Month

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki - CheckUser extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53480 MEDIUM PATCH This Month

The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40721 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter in /<Client>FacturaE/listado_facturas_ficha.jsp.

XSS Quiter Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5570 MEDIUM This Month

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Ai Engine PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-42973 MEDIUM This Month

Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected.

SAP XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-2793 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7362 MEDIUM PATCH This Month

The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

File Upload XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5957 MEDIUM This Month

A security vulnerability in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24002 MEDIUM This Month

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Denial Of Service Charx Sec 3100 Firmware Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-41222 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). Affected devices do not properly handle malformed TLS handshake messages. This could allow an attacker with network access to the webserver to cause a denial of service resulting in the web server and the device to crash.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-55599 MEDIUM This Month

A security vulnerability in FortiOS (CVSS 5.3) that allows a remote unauthenticated user. Remediation should follow standard vulnerability management procedures.

Fortinet Apple Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-7031 MEDIUM PATCH This Month

Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.

Authentication Bypass Config Pages Viewer Drupal
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-49783 MEDIUM PATCH This Month

CVE-2024-49783 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy